Circumventing Censorship

The Citizen Lab was recently featured in the Toronto Star. Just to be clear, I do go to the gym and do not wear flip flops :). Seriously though, I’ve received many emails and read through some of the Slashdot comments and would like to make a few points.
Anti-censorship technologies do not face major technological hurdles in terms of circumvention. For the most part, any software that allows a user in a censored country to connect to another computer in an uncensored country through an encrypted connection and effectively browse through the uncensored computer will work. SSH, VPN, TOR, ApacheSSL/CGIProxy and on and on. Given the variety of circumvention options available, users must determine which solution best meets their specific needs. (See Choosing Circumvention for more information on options aw well as the difference between circumvention technology and anonymous communications systems).

But, as Bennett Haselton points out, there are weaknesses in various circumvention methods. It is important to remember that in some countries the decision to circumvent censorship is extremely important, the consequences may be severe. The context — regulations as well as level of actual enforcement — for each country will vary. Users need to be aware of the potential consequences and then make their decision.

In terms of actual use, the major issues with circumvention systems are ease of use and, as Paul Baranowski points out, the discovery mechanism:

The challenge is to prevent attackers from discovering enough nodes to disrupt the network while still allowing users to discover enough nodes to remain connected to the network.

There have been, primarily, two approaches adopted: public systems and private systems. With public systems — e.g. proxy addresses distributed via email or software that users can install and connect to a circumvention or anonymity system — one must assume that the censors also discover and subsequently block these systems. these systems exploit windows of opportunity or the period of time that it actually takes the censors to block new public circumvention locations. The difference with private systems — which can be the same technical solution as public systems — is that the location is only sent to a few, ideally trusted, people. In that way the censors cannot easily find and block the location of the circumvention system. However, this requires people to have contacts outside of their own country.

Our system leverages social networks as the discovery mechanism. The provider and the user(s) have a trust relationship and the circumvention location is known only to these trusted people. The limitation is that a user in a censored country must know someone in an uncensored country. I’ll be posting more shortly but, this is the key concept. there is no censtralized system. Each network of provider/users chooses how to grow the network. It can be small and extremely private or large and relatively semi-private. It depends on the specific context in which the users (in censored countries) live.